Added new modules to help prevent Cross Site Request Forgery
// Runtime dependencies.  All four are loaded at module start so that a missing
// module or a missing admportal.json fails when the router is first required
// rather than on the first request.
var childProcess = require('child_process');
var exec = childProcess.exec;
var dbRoutes = require('./dbRoutes');
var fs = require('fs.extra');
var configPath = process.env.SDNC_CONFIG_DIR + '/admportal.json';
var properties = require(configPath);

// Module-level URL state; initialised empty and never written by the handlers
// in this file.
var retURL = "";
var noCookieUrl = "";
var logoutUrl = "";
9
/**
 * Ends the admin session and sends the browser back to the login page.
 *
 * The session itself is kept; only the loggedInAdmin record is cleared, which
 * is the value checkAuth/checkPriv test for.
 *
 * @param {object} req - Express request carrying req.session
 * @param {object} res - Express response used for the redirect
 */
function logout(req, res) {
        console.log("logout");
        var session = req.session;
        session.loggedInAdmin = undefined;
        res.redirect('/login');
}
15
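/**
 * Handles the login form POST.
 *
 * Reads the submitted CSRF token, email and password (each passed through
 * req.sanitize), looks the user up with dbRoutes.findAdminUser and, when the
 * password matches, stores the admin record in req.session.loggedInAdmin and
 * redirects to 'sla/listSLA'.  A wrong password re-renders pages/login with
 * an error; an unknown user renders pages/err.
 *
 * Fixes relative to the previous version: the "not in the database" branch
 * referenced an undeclared `attuid` and threw a ReferenceError instead of
 * rendering; the password compare is now constant-time and strict; the token
 * and the full session record (which contains the password) are no longer
 * written to the console.
 *
 * @param {object} req - Express request; uses req.body, req.sanitize, req.session
 * @param {object} res - Express response
 */
function login(req, res) {
        console.log('login');
        // The CSRF token is a per-session secret shared with the browser; it is
        // kept in the session record but not echoed to the log.
        var tkn = req.sanitize(req.body._csrf);
        var email = req.sanitize(req.body.email);
        var pswd = req.sanitize(req.body.password);

        dbRoutes.findAdminUser(email, res, function (adminUser) {
                // The previous check only tested for null; an undefined result
                // would have reached the property reads below and thrown.
                if (adminUser == null) {
                        res.render("pages/err", {
                                result: {
                                        code: 'error',
                                        // `email` is what the user submitted and is the
                                        // value this message was meant to show.
                                        msg: 'User ' + email + ' is not in the database.  Please see an adminstrator to have them added.'
                                },
                                header: process.env.MAIN_MENU
                        });
                        return;
                }

                // make sure correct password is provided
                if (!passwordMatches(pswd, adminUser.password)) {
                        res.render("pages/login", {
                                result: {
                                        code: 'error',
                                        msg: 'Invalid password entered.'
                                },
                                header: process.env.MAIN_MENU
                        });
                        return;
                }

                var loggedInAdmin = {
                        email: adminUser.email,
                        csrfToken: tkn,
                        // NOTE(review): kept only because other routes may read it
                        // from the session; confirm and drop it if nothing does.
                        password: adminUser.password,
                        privilege: adminUser.privilege
                };
                req.session.loggedInAdmin = loggedInAdmin;
                // Log the identity only; the record also holds the password and
                // the CSRF token.
                console.log("Login Success " + loggedInAdmin.email);
                res.redirect('sla/listSLA');
        });
}

/**
 * Compares the submitted password with the stored one in constant time.
 *
 * Both values must be strings; anything else is treated as a mismatch rather
 * than being coerced.  Unequal lengths are also a mismatch (this reveals only
 * the length, which a plain string compare already does).
 *
 * @param {string} supplied - password from the login form
 * @param {string} stored - password held for the admin user
 * @returns {boolean} true when the two are byte-for-byte equal
 */
function passwordMatches(supplied, stored) {
        var crypto = require('crypto');
        if (typeof supplied !== 'string' || typeof stored !== 'string') {
                return false;
        }
        var a = Buffer.from(supplied, 'utf8');
        var b = Buffer.from(stored, 'utf8');
        return a.length === b.length && crypto.timingSafeEqual(a, b);
}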
64
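/**
 * Middleware that requires a logged-in admin.
 *
 * Calls next() when req.session.loggedInAdmin is present; otherwise renders
 * pages/login and stops the chain.  The previous version read
 * req.session.loggedInAdmin for a log line before testing whether req.session
 * existed, so a request with no session threw instead of being sent to the
 * login page; it also logged the whole session record (password and CSRF
 * token included) and declared `host` twice.
 *
 * @param {object} req - Express request; uses req.headers and req.session
 * @param {object} res - Express response
 * @param {function} next - continuation for the route chain
 * @returns {boolean|undefined} false when the user was redirected to login
 */
function checkAuth(req, res, next) {
        console.log("checkAuth");
        console.log('host=' + req.headers['host']);

        // The session middleware may not have attached a session at all; a
        // session without loggedInAdmin means no login or an expired one.
        var admin = (req.session == null) ? null : req.session.loggedInAdmin;
        if (admin == null) {
                // nothing else to do but log them back in, or they may
                // be coming from the graph tool
                console.log("loggedInAdmin not found.session timed out.");
                res.render('pages/login');
                return false;
        }
        // Identity only; the record also carries the password and CSRF token.
        console.log("session user " + admin.email);
        next();
}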
87
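/**
 * Middleware that requires the logged-in admin to hold privilege 'A'.
 *
 * Renders pages/err with 'Unexpected null session.' when there is no session
 * or no loggedInAdmin, renders pages/err with a permission error when the
 * privilege is anything other than 'A', and calls next() otherwise.  The
 * previous version dereferenced req.session before testing it for null, so
 * the "null session" branch could never run without throwing first.
 *
 * @param {object} req - Express request; uses req.session.loggedInAdmin.privilege
 * @param {object} res - Express response
 * @param {function} next - continuation for the route chain
 */
function checkPriv(req, res, next) {
        var admin = (req.session == null) ? null : req.session.loggedInAdmin;
        if (admin == null) {
                res.render("pages/err", {
                        result: { code: 'error', msg: 'Unexpected null session.' },
                        header: process.env.MAIN_MENU
                });
                return;
        }
        if (admin.privilege === 'A') {
                next();
                return;
        }
        res.render("pages/err", {
                result: { code: 'error', msg: 'User does not have permission to run operation.' },
                header: process.env.MAIN_MENU
        });
}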
119
120
// Public surface of this router module: the login/logout handlers and the two
// middleware guards.  Properties are added to the existing exports object (not
// reassigned) so a partially-loaded reference held by another module stays
// valid.
var handlers = {
        login: login,
        logout: logout,
        checkAuth: checkAuth,
        checkPriv: checkPriv
};
Object.keys(handlers).forEach(function (name) {
        exports[name] = handlers[name];
});